
Tunneling Connections through a firewall

Is there any place with good documentation about tunneling and spoofing port connections through a firewall to the internal NAT'd network? Say for instance the firewall routes HTTP requests to an internal IP, is there a way you can tunnel say telnet or ssh through port 80 to allow you to connect to the webserver while fooling the firewall? Or have I just seen 1 too many hacker movies?

Let's say the firewall is a Linux box running iptable rules, and the webserver is also running Linux.

If it's a Linux box, you could use httptunnel. It's a well-known program for tunneling through port 80... And it's free. They have binaries for Windows as well, in case you want to use it on a Windows machine.

Try searching on Google for "tunnel" or "tunnel http" or stuff like that if you want more info.

If you bind nc to port 80 it is 'in front of' the webserver, so anyone trying to view the site will think the server is down. I would think the same would be true of anything that just captures the web traffic. But you could use AT (you need access to get it there to begin with) to schedule it to run every night at an off hour, using the -l arg, which would give you access at that time and close when you're done, instead of -L, which would just keep listening for another connection. Less chance of it being noticed. The way it's mostly done today is usually with SQL injection, constructing SQL statements to run commands, or just a poorly patched and configured server that allows you to run commands on the server and view the results in your web browser. I guess the best illustration of this would be the antique IIS 4/5 Unicode exploit. Long since fixed but still around.


The fact of the matter is that there are *many* ways to tunnel traffic through a firewall. You have all of the aforementioned along with LOKI, HPING, any of the B/O agents, etc. Hell, even VNC *could* tunnel traffic through using Stunnel (SSH tunneling app). The bottom line is your ability to use any of these methods depends on the firewall itself (is it a piece of crap), your skills and/or the ability of the FW admin to properly create ACLs.

--TH13
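
A defender's view of the question in this thread, as an added example that is not from any poster: a Python check that labels the first client bytes of each port-80 connection, so raw SSH or telnet sent to the web port stands out. The flow records, field names and addresses are constructed for illustration.

```python
import re

# Simplified HTTP/1.x request line: METHOD SP target SP HTTP/1.0|1.1
REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")
TELNET_VERBS = (0xFB, 0xFC, 0xFD, 0xFE)  # WILL, WONT, DO, DONT (RFC 854)

def classify_first_bytes(payload: bytes) -> str:
    """Label the first client-to-server bytes of a TCP connection."""
    if REQUEST_LINE.match(payload):
        return "http"
    if payload.startswith(b"SSH-"):  # SSH identification string (RFC 4253)
        return "ssh"
    if len(payload) >= 2 and payload[0] == 0xFF and payload[1] in TELNET_VERBS:
        return "telnet"  # IAC followed by an option-negotiation verb
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"  # TLS handshake record header
    return "unknown"

def flag_port80_flows(flows):
    """Return (src, label) for port-80 connections that do not start with HTTP."""
    flagged = []
    for flow in flows:
        if flow["dport"] != 80:
            continue
        label = classify_first_bytes(flow["first_bytes"])
        if label != "http":
            flagged.append((flow["src"], label))
    return flagged

# Constructed sample flows (documentation addresses, not real traffic).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dport": 80,
     "first_bytes": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"},
    {"src": "192.0.2.77", "dport": 80, "first_bytes": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"src": "198.51.100.5", "dport": 80, "first_bytes": b"\xff\xfb\x18\xff\xfb\x1f"},
    {"src": "198.51.100.9", "dport": 22, "first_bytes": b"SSH-2.0-OpenSSH_9.6\r\n"},
]

if __name__ == "__main__":
    for src, label in flag_port80_flows(SAMPLE_FLOWS):
        print(f"{src}: non-HTTP traffic on port 80 ({label})")
```

A tunnel that wraps its data in well-formed HTTP requests, as httptunnel does, is labelled `http` by this check; catching that takes request-level inspection at a proxy rather than a first-bytes test.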


Can I use this netcat to connect across different subnets? For example, in my college we have 2 subnets. One is wireless and the other one is cable. On the cable side we have a DC++ server, and the students from the wireless side want to connect to the server. The subnets are as follows:
wireless - 192.168.200.1
cable - 10.0.0.1